Course project Phase 2

profiledbal33
phase_one.docx

Security Assessment

Introduction

This report is a security assessment of Aircraft Solutions (AS), which is a top provider of fabrication and design of products and services for companies in defense, aerospace industry, and electronics. Southern California is the headquarters of Aircraft Solutions. Aircraft Solutions counts on its workforce of highly trained employees with a very large skill set, which fuels the company’s overall productivity. The main objective is to identify the potential threats and vulnerabilities within the operations at Aircraft Solutions while identifying their consequences and risks.

Security Weaknesses

The three areas of the assessment for potential vulnerabilities, is the hardware, software and policy, AS assets will be evaluated and how they will be harmed if a security threat is detected, I have determined that the Business Process Management Hardware (BPM) is a major asset of the company, which handles processes that deal with organizations and multiple systems. Operations at AS relies very strongly on the BPM to connect their vendors, suppliers, and customers. If the systems become breached by an intrusion, AS couldn’t operate and the information data would be breached. I have decided to put all my focus on the areas of policy and hardware. In the area of hardware I have noticed that the infrastructure of the network there isn’t a firewall being used between the commercial division and the internet. The commercial division appears to be connected straight to the internet, but the Defense Department, is routed straight to the Company Headquarters, which can be a potential vulnerability to the company. The next area of concern that can be affected is the current security policy. The current security policy states that all routers and firewalls should be inspected every two years. The particular time span between inspections can be a huge problem when it comes down to the safe success of the organization. These areas will be further examined in this report in terms of the risks, vulnerabilities and consequences.

Hardware

Aircraft Solutions hardware security weakness is that it does not have the proper security placed between its Commercial Division (CD) and how it communicates with the rest of the world. It is clearly visible in the infrastructure of the network that in order for the CD to communicate with the Headquarters, it must transmit information first through the internet causing the information transmitted to be readily available for intrusion since no firewall is currently in place. The firewall protects computers that are networked together from intrusions that could jeopardize the corruption of data or service denial (vicomsoft). In the case of AS, the information transmitted through the CD network could be compromised and could cause damage or a data breach in the process.

The vulnerability that is presented in this situation would be the lack of an active firewall between the public network and the private network of the CD, the internet. The threat that is caused is the easy availability of the private networks information to the public. As Chris Jackson described on page 237, “Not having adequate perimeter controls leaves a business completely exposed to the many attack vectors commonly used to gain unauthorized access to networks today” (Jackson, 2010).

“Firewalls create a barrier that if someone is trying to hack your computer; it makes it difficult for attackers to get into your computer, by blocking their attempts to get into your computer they will eventually give up for the moment. Firewalls are very important tools to small business or corporations because of the amount of personal information that they contain. It’s almost impossible to prevent every intrusion that happens: Most software today that is created has bugs or glitches, and someone might discover a way to get through the bug and the firewall allows them to pass through once they figure out the bug. Everyone thinks that just because you have a firewall that you are invincible which you are not safe. How much money you invest in your firewalls should be how much you have to lose if the intrusion is successful” (Northrup, 2011). The chance that threats will happen is always out there and it is higher in terms of transmitting and accessing information between a public and private network. A network system without a firewall that is active is vulnerable to intrusions. The amount of malware that organizations receive today is massive and it creates whole hosts of vector attacks. Viruses can be obtained by opening email, visiting websites that have viruses, and using USB sticks on company computers, and using certain instant messenger programs. (GFI, 2011). Viruses and Malware can create huge customer data loss, and can damage the hardware systems and shut down day to day operations. It can create a huge loss to the organization since none of the security protocols were examined. We can speculate that firewalls allow administrators of networks to limit access to services that require internet access to certain users. The network administrator is a very important piece of managing the information, and not only does it involve protecting private information, but also knowing who has access to what. Privileges can be granted according to what they need it for compared to having full access to everything. (vicomsoft).

Security Policy

Policies are the backbone of every information security program that has ever been written. It is pointless having security precautions implemented if there is no policy or steps in place to fix the security problems. Policies clearly define what is acceptable in an organization or what isn’t allowed and defines the procedures that apply in different situations” (GFI, 2011). According to AS’s security policy we can see that the standard procedure to inspect the firewalls and routers at every two years can be certainly looked at. Technologies has changed and experts in hacking these technologies have advanced throughout the years, by creating a procedure set for every two years, risks for a hacker to attack the network systems becomes higher . Threats that Aircraft Solutions faces will began to change because of the ever changing technology. AS’s requirements for their business will change because of the vulnerability of risks the business is taking as a whole. With all the changes, the process for the security policy is never going to be fully completed. It only lies dormant for a time” (Avolio, 2007). Network requirements change due to new technologies, security policies should change along with the new technologies. Firewall and router security policies should always be reviewed on a regular schedule. By following the security policies to only be reviewed every two years, the organization is creating a high risk of intrusion to their information.

Firewall and router settings and applications are often updated, if the security policies are not currently updated with demands of the organization then it is at risk of having security systems that are outdated and can be hacked easily and important company information can be stolen, and consequently cost the firm money because of a data information breach. The chances of the threats are readily available since the policies can be said, are outdated, the firm may not rely on the current aspects of newer security implementations and be fully exposed to those threats.

Works Cited

Avolio, F. M. (2007, July). Watchguard. Retrieved January 26, 2014, from PRODUCING YOUR NETWORK SECURITY POLICY: http://www.watchguard.com/docs/whitepaper/securitypolicy_wp.pdf

GFI. (2011). SECURITY THREATS: A GUIDE FOR SMALL AND. Retrieved January 26, 2014, from GFI: http://www.gfi.com/whitepapers/security_threats_SMBs.pdf

Jackson, C. (2010). Network Z Security Auditing. Indianapolis: Cisco Press.

Northrup, T. (2011). Firewalls. Retrieved January 26, 2014, from Microsoft/TechNet: http://technet.microsoft.com/en-us/library/cc700820.aspx

vicomsoft. (n.d.). Learning Center: Firewalls. Retrieved January 26, 2014, from vicomsoft: http://www.vicomsoft.com/learning-center/firewalls/